Nmap Development mailing list archives

Re: Fyodor, I would like to have your point of vue on SinFP tool

From: GomoR <nmap-hackers () gomor org>
Date: Sat, 13 May 2006 14:06:00 +0200

On Fri, May 12, 2006 at 05:41:56PM -0700, Fyodor wrote:
[..]

No, I think it is entirely appropriate here.  Thanks for posting, even


Perfect.

though I was already familiar with SinFP.  I took a look at it in
March while Zhao Lei and I were working on a 2nd generation
fingerprinting system for Nmap.


Thank you ;)

It is a great little tool, though I
dispute the web page statement that Nmap's "approach to OS
fingerprinting is becoming to be obsolete" due to "stateful filtering
devices, PAT/NAT configurations and emerging packet normalization
technologies".


Yes, and I need to apologies for that. When I released it the first
time (on june 2005), I got nearly zero replies. And the one I received
were not useful. 

So, I changed my mind, and resolved to use marketting wording, to
trick people into trying SinFP. It is not simple to change user
habits.

I agree that those obstacles can be a challenge, but
Nmap is pretty resilient to most of this.  It has to be, given that
people use it across just about every sort of network available.  But
I hope the new system will be even more powerful.


Well, I used to work for a company that developped a vulnerability
scanner. And when you see nmap giving Turtle OS, when it is, in fact,
a classical Linux, you change your mind. But I am not here to start
a troll or flamewar. 

Just to finish on this subject; I will add:
No response from a probe is not meaningful. We cannot conclude anything.
No bug report from users is not meaningful. We cannot conclude anything.

I hope to release a
paper very soon to nmap-dev documenting that upcoming system.  We
would of course appreciate your input.


And I will be very glad to comment on it, to help make nmap better.

Cheers,
-F


 --
 ^  ___  ___             http://www.GomoR.org/          <-+
 | / __ |__/          Systems & Security Engineer         |
 | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
 +-->  Net::Packet <=> http://search.cpan.org/~gomor/  <--+


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

Fyodor, I would like to have your point of vue on SinFP tool GomoR (May 06)
- Re: Fyodor, I would like to have your point of vue on SinFP tool Fyodor (May 12)
- <Possible follow-ups>
- Re: Fyodor, I would like to have your point of vue on SinFP tool GomoR (May 13)